SSL and SF_NOTIFY_READ_RAW_DATA Filters

Applies To: Windows Server 2003, Windows Server 2003 with SP1

In IIS 6.0, SSL communication must use the SF_NOTIFY_READ_RAW_DATA notification in worker process isolation mode. However, these notifications are not supported in IIS 6.0 in worker process isolation mode. For this reason, IIS creates a new SSL service that is associated with worker process isolation mode. This service runs entirely outside of any IIS process; currently, it runs as lsass.exe, although it can be configured to run as an instance of Svchost.exe. For raw, unencrypted SSL data, Http.sys uses this new SSL service in much the same way it uses Inetinfo.exe in IIS 5.0 isolation mode for raw data filter support. However, in IIS 5.0 isolation mode, the SSL code runs in Inetinfo.exe instead of in its own service.

For more information about how SF_NOTIFY_READ_RAW_DATA notifications are handled in IIS 6.0 isolation modes, see Application Isolation Modes.